CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13083
https://notcve.org/view.php?id=CVE-2017-13083
18 Oct 2017 — Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code Akeo Consulting Rufus en versiones anteriores a la 2.17.1187 no valida adecuadamente la integridad de las actualizaciones descargadas a través de HTTP, permitiendo que un atacante convenza fácilmente a un usuario para que ejecute código arbitrario. • http://www.kb.cert.org/vuls/id/403768 • CWE-295: Improper Certificate Validation CWE-345: Insufficient Verification of Data Authenticity CWE-347: Improper Verification of Cryptographic Signature CWE-494: Download of Code Without Integrity Check •